Forum Discussion
Dave_Burnett_20
Nimbostratus
Nov 10, 2008
How to allow Search Engine Robots/Slurps through ASM?
We have recently installed a pair of F5 6400s (v9.4.3) in front of our website with ASM in blocking mode.
We are seeing and blocking loads of Non-RFC compliant request violations. Exami...
hoolio
Cirrostratus
Jan 28, 2009
In addition to what Brailsford might have to add...
There is a check for 'Several Content-Length headers'. So if the request smuggling attack depends on more than one Content-Length header, it should be blocked with that check.
You could try to contact Yahoo and ask why they include the LLF-Cache-Control header in their requests. I couldn't find any reference to it in any RFC or other document. I assume your web server would ignore it whether there was a value set or not.
You could also use an iRule to rewrite the LLF-Cache-Control header to a static value for requests with a Yahoo search string in the User-Agent field. You could also remove it altogether from all requests. This seems like a bit of unnecessary overhead though if ASM can protect against the attack with other checks.
Aaron
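The header rewrite suggested in the reply above could look like the following iRule. This is an added sketch, not code posted in the thread. The User-Agent match string, the replacement value and the `strip_all` switch are assumptions, and it also assumes the iRule is attached to the ASM-protected virtual server and runs before ASM inspects the request.

```tcl
when HTTP_REQUEST {
    # Hypothetical switch: set to 1 to drop the header from every request
    # instead of normalising it only for Yahoo's crawler.
    set strip_all 0

    # Nothing to do unless the non-standard header is present.
    if { not [HTTP::header exists "LLF-Cache-Control"] } {
        return
    }

    if { $strip_all } {
        # Removes every occurrence of the header.
        HTTP::header remove "LLF-Cache-Control"
        return
    }

    # Assumption: the crawler's User-Agent contains the string "yahoo".
    set ua [string tolower [HTTP::header value "User-Agent"]]
    if { $ua contains "yahoo" } {
        # Remove all occurrences first so exactly one header with a
        # known value reaches ASM and the web server.
        HTTP::header remove "LLF-Cache-Control"
        # "static" is a constructed placeholder value.
        HTTP::header insert "LLF-Cache-Control" "static"
        # User-Agent is client-controlled, so log the source address
        # to allow the rewrite to be audited later.
        log local0.info "LLF-Cache-Control rewritten for [IP::client_addr]"
    }
}
```

Because any client can send a User-Agent containing the match string, the rewrite should only normalise this one header and never be used to exempt the request from other ASM checks.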
